Tuesday, July 15, 2014

Vulnerability and Risk for the Model Payment System

Once finishing the sketch of a design for a payment system (See last 3 blogs), I can do what I never get to do in public with a real system. I get to publically expose its risks, and not just the boring risks wholesale bankers discuss, namely liquidity, credit, systemic, operational, and legal, but the vulnerability to planned attacks, and the validity of funds spent for defense, and insurance against attacks.

An astute observer may note that the difference between wholesale and retail payment hubs is value. Speaking from memory, retail payment system value in 2012 was $79 Trillion, while wholesale payment value for that year was $750 Trillion 

Since aggregate retail payments have about 1/10th the value as wholesale payments, the risk of loss has the same decrease in value. Further all the boring risks wholesale payments system managers spend fussing over do not really affect retail payment systems as much because if you knock out one player, the boat still floats if it is a healthy, evolving and growing system and has meaningful rules. Rules are important; but, I can say from the bottom of my heart that there are people within the payment system industry that know a lot more about writing rules than me, I want to attack.  

Besides, it is not the rules governing the model system; I plan to build a public access audit port to (SVGRTP) hubs.  This multi-function inspection probe with public access mitigates risks or at least allows potential partners to monitor the real risks of partner or potential partner payment hubs, but I wanted to take time here to attack it, not protect it.

I name the model under investigation the Virtual Bum’s Pocket (VBP); it is the SVGRTP discussed in the last 3 blogs. VBP hubs issue virtual currency and so a time tested attack is to manufacture value and introduce it from an unauthorized source. Certainly, this is a prime avenue for an attack. The currency design is the prime defense against counterfeiting. The currency has 3 protections against its counterfeiting, namely:

  • Non-revocable doubly signed certificates
  • Responds to “page”
  • Insurance

The Europay MasterCard VISA (EMV) specifications (particularly volume 2, see http://www.emvco.com/specifications.aspx?id=223 ) adequately describe implementing signed certificates. Two other elements make currency attack difficult. The currency if placed in specially designed containers respond to a page requests. The issuer sends a request for the currency to give its location and if it resides in an authorized container communicating with the world at large it responds. The issuer can revoke it if the currency does not respond by a time specified by the issuer. If the currency issuer opted for insurance, the insurance company may imbed tracking controls within the currency data. Those tracking controls known only to the insurance company contain a wide array of constantly evolving defenses.

I now have the defenses in place. I will implement my attack tomorrow. Moo ha ha.

Next Blog: In which our young hero, attacks the bum’s pocket with stone knives and bearskins

No comments:

Post a Comment